This story is part of The Privacy Divide, a series that explores the fault lines and disparities–cultural, economic, philosophical–that have developed around digital privacy and its impact on society.
In 1969, a woman named Barbara James walked into a neighborhood legal services office in New York City in search of help to fight the city’s home visit policy. Her case worker had told her that if she wanted welfare benefits for her and her 2-year-old son Maurice, she would have to allow a home visit as part of the welfare verification process. James didn’t want officials searching her home, and offered instead to provide documentation to demonstrate her eligibility. Her refusal eventually led the city to terminate her benefits.
The case of Wyman v. James would make it all the way to the Supreme Court, where the court upheld the home visit policy. Decades later, another mother seeking welfare benefits had her home searched twice in unscheduled visits by officials in San Diego. She received her benefits, but sued the city, and in the case of Sanchez v. San Diego, Wyman v. James was used to uphold the visits. Ultimately the court hearing the case compared mothers on welfare to criminals on probation in terms of their right to privacy. In 2007, that decision was upheld by the Supreme Court.
“Why is someone who is getting government assistance to feed her child, why are we comparing her to a criminal on probation?” says Michele E. Gilman, a law professor has written extensively about privacy law and poverty. “What’s criminal about a mother wanting to care for her children?”
Last year’s Cambridge Analytica scandal took data privacy concerns mainstream as people started to see the societal impact that misuse of their personal data could have on them. Even Facebook is now trying to rebrand itself as a privacy-focused company. But there are some people whose data privacy has been violated for decades in ways that affect their everyday lives: the poor and the marginalized. How their data is used and abused, and the harm that they suffer as a result, shows one potential future for all of us.
“Middle-class and wealthy Americans need to realize that novel surveillance techniques are typically used first on the poor,” Gilman wrote in a 2012 article. “By the time these strategies spread beyond controlling the poor, any ‘reasonable expectations’ against their use have dissolved.”
Low-income communities have historically been been monitored by government and their privacy has been routinely invaded. In Colonial America, most towns had an “overseer of the poor” who tracked poor people and either chased them out of town or auctioned off their labor. Current public benefits programs ask applicants extremely detailed and personal questions and sometimes mandate home visits, drug tests, fingerprinting, and collection of biometric information.
Gilman has seen these disparities up close, while supervising law students representing low-income clients in Baltimore.
“Through the stories of my clients I became interested in privacy issues which, I felt, were a luxury of wealthier people,” says Gilman. “When you’re representing poor people it can be tempting to focus on immediate needs like housing, food, and healthcare, but dignity and autonomy, to me, are just as important.”
Employers of low-income workers listen to phone calls, conduct drug tests, monitor closed-circuit television, and require psychometric tests as conditions of employment. Prisoners in some states have to consent to be voiceprinted in order to make phone calls. Low-income research participants in the Our Data Bodies project talk about feeling uneasy, frustrated, overwhelmed, frightened, and angered by their experiences with data collection. Yet higher-income recipients of government income transfers are not subjected to the same kind of aggressive data collection.
“I get valuable government benefits in my mortgage home deduction, childcare tax credits, my employer health benefits aren’t taxed,” says Gilman. “Those are income transfers just as much as food stamps or welfare but I am not put through intrusive questioning, verification requirements, home visits, or anything like that to get those benefits.”
Once the welfare system collects an applicant’s data, that data is shared and compared across multiple government and commercial databases. These databases are plagued by outdated, inaccurate, and incomplete information. Gilman’s students often expunge arrest records that did not lead to convictions from state databases on behalf of their clients. But if the data has already been purchased by data brokers, that arrest record can still limit someone’s access to housing, jobs, and other opportunities far into the future.
Many of these effects are invisible with their causes opaque. “I have had clients being denied benefits based on algorithms that are not transparent, that can’t be explained, which make it very hard as a lawyer to challenge them,” says Gilman. “I can’t cross-examine an algorithm.”
Personal data is used to deny low-income people access to resources or opportunities, but it’s also used to target them with predatory marketing for payday loans or even straight-up scams. In a 2015 survey on data privacy and security, 48% of the lowest-income group said they were “very concerned” about becoming the victim of an internet scam or fraud, compared with only 24% of adults in the highest earning group. 11% of those in households earning less than $20,000 per year had actually been a victim of an online scam compared with only 4% of those earning $100,000 or more per year.
“The harms for low-income people of a lack of data privacy are more concrete than for middle- and upper-income people,” says Gilman. “You become a target of predatory financial services, or on the other extreme you’re excluded from more desirable offerings.”
Undocumented immigrants, day laborers, homeless people, and those with criminal convictions suffer from another data extreme: living beyond the reach of the data collection systems needed to thrive in society, they gain so much “privacy” that they become increasingly invisible. Living in this “surveillance gap” can be as damaging as living under constant surveillance, and is often a reaction to it.
Residents of the surveillance gap may not have a permanent address, a social security number, or immigration papers. This means that they can’t get access to resources that could help them, often can’t access legal employment or vote, and are invisible to policymakers. For example, many of the approximately 11 million undocumented immigrants who live in the United States work in low-wage, dangerous jobs, where they suffer from wage theft and uncompensated workplace injuries.
“I help people in my clinic with wage claims,” says Gilman. “People aren’t getting paid. To prove those cases, you need records. There are no records because it’s an underground economy. The truth is that people do not want privacy absolutely; rather, they want to choose when to give it up and when to retain it.”
A perfect storm of privacy risks
Mary Madden, a researcher at Data and Society, has studied sensitivities around data privacy among lower income communities. Using a nationally representative survey commissioned in 2015, she found that people living in U.S. households with annual incomes of less than $20,000 per year were acutely aware of a range of digital privacy harms. The survey–which polled 3,000 American adults, including an oversample of adults with annual household incomes of less than $40,000–found that:
- 52% of those in the lowest-earning households said that not knowing what personal information is being collected about them or how it is being used made them “very concerned”; for those in the highest-income households, the number was 37%.
- Sixty percent of those in the lowest-income households said they were very concerned about the loss or theft of financial information (even though they are less likely to have suffered information theft than higher-income groups), while just 38% of those in the highest-earning households said the same.
- Thirty-eight percent of respondents in the lowest-income households said they are “very concerned” that they or someone in their family may be the target of online harassment, while only 12% of adults in the highest-earning households reported this level of concern.
- Foreign-born Hispanics were particularly worried about data privacy and security. Eighty-nine percent of foreign-born Hispanics were concerned about the potential loss or theft of their financial information and 62% were “very concerned” about being unfairly targeted by law enforcement, compared with only 13% of whites.
More generally, there was an overlap between respondents’ concerns about offline and online security, says Madden. “We found that folks who were offline were concerned about their own safety in their neighborhood, were concerned about being unfairly targeted by law enforcement, for instance, and were also more likely to be concerned about an array of online privacy harm,” she says.
Madden’s research, and that of others, suggests that low-income Americans live in a perfect storm of privacy dangers. They are targeted more aggressively than other income groups for data collection and suffer more concrete harm as a result. Madden’s findings indicate that they are also less likely to use basic privacy protections like not sharing their location on social media. Low-income respondents in the survey were more interested than high-income groups in learning strategies to help them secure their personal information, like using strong passwords, understanding privacy policies, and knowing how to avoid online scams, but they also felt that they have less access to the resources that would help them to learn these strategies.
“There’s this direct trade-off between the amount of time and the resources you have and the extent to which you can protect certain information,” says Madden.
Her findings are backed up by the work of security researcher Elissa Redmiles. In one paper, Redmiles looked at whether users make rational decisions about whether to use security protections like two-factor authentication to protect a fictional bank account. “Low-SES (Socioeconomic status) and low-skill users have much higher costs to doing something like two factor authentication,” she says. “For the least resourced users, sometimes security/privacy is just too time-intensive.”
Redmiles also found that higher income users, those with higher levels of internet skills and those who had received specialized workplace security training related to privacy laws like HIPPA or FERPA were more likely to rely on more authoritative security advice sources like IT professionals in their workplace or high-quality websites. Less-educated and lower-income internet users were more likely to get their security information from friends and family.
When it comes to controlling or scrubbing personal data that’s already been gathered–data that can be used by credit and risk-scoring agencies, or by potential employers or landlords–lower-income users are also at a disadvantage.
Under provisions in the 2018 General Data Protection Regulation (GDPR), EU citizens can ask companies what personal data is being stored about them and in some circumstances can have it removed from corporate databases. EU citizens can also request that personal data be removed from search engine results in a provision called the right to be forgotten. In 2018, Google released data on the 2.4 million “right to be forgotten” requests that it received between 2014 and 2018. Most delisting requests (30%) related to professional information or professional wrongdoing and self-authored content like social media posts. And just 1,000 requesters, or 25% of the total, generated 15% of all URLs. Many of these frequent requesters were law firms and reputation management services.
Wealthier users meanwhile have an array of privacy-protecting tools at their disposal. Reputation management firms like Igniyte charge $1,850 to $26,000 per month to repair the online reputations of individuals or companies by removing or suppressing negative content, adding positive content and tweaking SEO.
“Your upper-middle-class or upper-class American has a wide array of resources, and is much more likely to have the time to do things like hire a company to scrub the internet of any unsavory information or to learn how to game a hiring algorithm to get an employer to look at your resume,” says Madden.
New legal protections could help level the playing field for data protection in the United States. U.S. privacy law was originally developed to protect the rich against press attacks on their reputation and has not moved on sufficiently since.
“Comprehensive privacy legislation is being seriously considered, which is a change,” says Gilman. “I just want to make sure that if things get enacted, there is attention to people who are marginalized, who experience privacy differently. Otherwise, we’re just going to maintain the privacy haves and privacy have-nots, where privacy is a luxury for affluent people.”
A new Vermont law requires companies that buy and sell third-party personal data to register with the Secretary of State, and a law set to go into effect in California in 2020 aims to offer the country’s strongest-yet personal data protections.
Gilman thinks that more stringent measures–such as GDPR’s right to explanation–would go farther to help marginalized people in the U.S. The right to explanation means that if an algorithm denies you access to a welfare benefit or a loan or a job, you would at least have the right to ask why. Gilman thinks that the right to be forgotten might also mesh well with U.S. culture.
“In the U.S. people go in and out of poverty,” she says. “Most Americans enter poverty at some point in their lives. The idea to start fresh and not be always stigmatized by having to need public benefits at one point or falling below the poverty line is a great idea that actually seems to fit within our very individualistic culture.”
There are measures that individuals can take to protect their own data but the ecosystem of companies that collect, sell, and manipulate personal data has become so complex that it is becoming impossible even for experts to navigate it. “It’s increasingly not going to be reasonable to expect individual users to be accountable for the state of their privacy,” says Madden. “So I think we do need to look more towards responses that involve policy measures that instill some level of accountability for companies in the choices that they make.”